From 8559d74b6337caf1173ef440c4105e0b0e6d3e54 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 5 Jun 2020 18:14:05 +0000
Subject: [PATCH 16/87] Use IANA allocated GOST ClientCertificateTypes.
IANA has allocated numbers for GOST ClientCertificateType. Use them in addition to private values (left in place for compatibility).
Diff from Dmitry Baryshkov
Sponsored by ROSA Linux
ok inoguchi@ tb@
---
 src/lib/libssl/s3_lib.c | 6 +++++-
 src/lib/libssl/ssl3.h | 4 ++--
 src/lib/libssl/tls1.h | 14 ++++++++------
 3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f98ec3e09..e2fef7258 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.194 2020/06/05 17:58:32 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.195 2020/06/05 18:14:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2553,6 +2553,10 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 return 0;
 if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
 return 0;
+ if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
+ return 0;
+ if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
+ return 0;
 }
 #endif
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 30dc4c5d7..a102d1143 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.50 2020/03/12 17:01:53 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.51 2020/06/05 18:14:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -348,7 +348,7 @@ typedef struct ssl3_buffer_st {
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER 11
+#define SSL3_CT_NUMBER 13
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 2230f0bab..8cd522658 100644
--- a/src/lib/libssl/tls1.h
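Review bot: In src/lib/libssl/s3_lib.c, the two added `CBB_add_u8` calls in ssl3_get_req_cert_types put the pre-IANA values 238/239 into every certificate type list built by this branch, and nothing at the call site says why they are sent or when they can go. A comment above them would stop a later cleanup from dropping them by accident or keeping them indefinitely, for example `/* Pre-IANA private values, still advertised for peers that predate the IANA allocation. */`. The enclosing condition and the start of the function are outside the hunk, so that this branch is GOST-only is inferred from the context lines and the trailing `#endif`.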
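Review bot: In src/lib/libssl/ssl3.h, `SSL3_CT_NUMBER` is raised to 13 by hand to stay equal to `TLS_CT_NUMBER` in tls1.h (changed in the last hunk of this patch), and only a pair of comments ties the two values together. The comment visible here says the value must be large enough for all defined cert types, so if it sizes storage, a type later added to only one header becomes a bounds problem instead of a build failure. A compile-time check in a source file that includes both headers would catch that, e.g. `_Static_assert(SSL3_CT_NUMBER >= TLS_CT_NUMBER, "cert type storage too small");` or whatever static-assert macro the tree already uses. The start of the comment is outside the hunk.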
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.40 2020/01/02 06:23:16 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.41 2020/06/05 18:14:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -735,16 +735,18 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_DSS_SIGN 2
 #define TLS_CT_RSA_FIXED_DH 3
 #define TLS_CT_DSS_FIXED_DH 4
+#define TLS_CT_GOST94_SIGN 21
+#define TLS_CT_GOST01_SIGN 22
 #define TLS_CT_ECDSA_SIGN 64
 #define TLS_CT_RSA_FIXED_ECDH 65
 #define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS_CT_GOST94_SIGN 21
-#define TLS_CT_GOST01_SIGN 22
-#define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */
-#define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */
+#define TLS_CT_GOST12_256_SIGN 67
+#define TLS_CT_GOST12_512_SIGN 68
+#define TLS_CT_GOST12_256_SIGN_COMPAT 238 /* pre-IANA, for compat */
+#define TLS_CT_GOST12_512_SIGN_COMPAT 239 /* pre-IANA, for compat */
 /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
  * comment there) */
-#define TLS_CT_NUMBER 11
+#define TLS_CT_NUMBER 13
 #define TLS1_FINISH_MAC_LENGTH 12
-- 
2.17.1
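Review bot: In src/lib/libssl/tls1.h, `TLS_CT_GOST12_256_SIGN` and `TLS_CT_GOST12_512_SIGN` keep their names but change value from 238/239 to 67/68, so every existing comparison against these macros silently stops matching the old wire values. This patch only updates the sending side in s3_lib.c; any code that checks certificate types received from a peer (none is visible in this diff) would need to accept the `_COMPAT` values too, otherwise a peer that still sends 238/239 is no longer recognised. If this header is installed for applications, they see the same change of meaning on rebuild. A comment beside the new defines would make that explicit, e.g. `/* 67/68 are the IANA values; 238/239 are the earlier private-use numbers */`.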